9.3

CVE-2018-0922

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".

Data is provided by the National Vulnerability Database (NVD)
MicrosoftOffice Version2010 Updatesp2
MicrosoftOffice Version2013 Updatesp1
MicrosoftOffice Version2016
MicrosoftOffice Version2016 SwPlatformmac
MicrosoftOffice Version2016 SwEditionclick-to-run
MicrosoftOffice Compatibility Pack Version- Updatesp2
MicrosoftOffice Web Apps Version2010 Updatesp2
MicrosoftOffice Web Apps Version2013 Updatesp1
MicrosoftSharepoint Enterprise Server Version2013 Updatesp1
MicrosoftSharepoint Server Version2010 Updatesp2
MicrosoftWord Version2007 Updatesp3
MicrosoftWord Version2010 Updatesp2
MicrosoftWord Version2013
MicrosoftWord Version2016
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 22.89% 0.957
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/103314
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040511
Third Party Advisory
VDB Entry